一、实验拓扑
二、实验要求
1、内网IP地址172.16.0.0/16合理分配;
2、SW1/2之间互为备份;
3、VRRP/STP/VLAN/TRUNK均使用;
4、所有PC通过DHCP获取IP地址;
三、实验思路
1、配置ISP的IP地址;
2、配置R1的IP地址,静态路由,nat配置;
3、SW1/2/3/4的接口类型配置;
4、SW1/2的生成树的配置,生成树优化,IP地址配置;
5、SW3/4的边缘接口配置;
6、开启SW1/2的DHCP服务,配置DHCP地址池;
7、配置SW1/2的缺省路由,实现全网可达;
8、测试;
四、实验配置
ISP配置:
//基础配置
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys ISP
[ISP]int l0
[ISP-LoopBack0]ip add 1.1.1.1 24
[ISP-LoopBack0]int g0/0/0
[ISP-GigabitEthernet0/0/0]ip add 12.1.1.2 24
R1配置:
sys
sys R1
int g0/0/2
ip add 12.1.1.1 24
int g0/0/0
ip add 172.16.0.1 30
int g0/0/1
ip add 172.16.0.5 30
qu
rip 1
ver 2
network 172.16.0.0
qu
ip route-static 0.0.0.0 0 12.1.1.2
acl 2000
rule permit source 172.16.0.0 0.0.0.255
int g0/0/2
nat outbound 2000
SW1配置
sys
sys SW1
vlan batch 2 100
int Eth-Trunk 0
q
int e0/0/1
eth-trunk 0
int e0/0/2
eth-trunk 0
port-group group-member Ethernet 0/0/3 Ethernet 0/0/4 Eth-Trunk 0
port link-type trunk
port trunk allow-pass vlan all
qu
stp mode mstp
stp enable
stp region-configuration
region-name a
instance 1 vlan 1
instance 2 vlan 2
active region-configuration
qu
stp instance 1 root primary
stp instance 2 root secondary
interface vlan 1 //配置svi时,顺便把虚拟IP地址配了,使客户端在更换网关设备后,不变更网关,以然可以上网
ip add 172.16.0.129 26
vrrp vrid 1 virtual-ip 172.16.0.190
vrrp vrid 1 priority 120
vrrp vrid 1 track interface GigabitEthernet 0/0/1 reduced 30
interface vlan 2
ip add 172.16.0.193 26
vrrp vrid 1 virtual-ip 172.16.0.254
qu
int vlan 100
ip address 172.16.0.2 255.255.255.252
int g0/0/1
port link-type access
port default vlan 100
qu
rip 1
version 2
network 172.16.0.0
qu
ip route-static 0.0.0.0 0 172.16.0.1
dhcp enable
ip pool v1
network 172.16.0.128 mask 26
gateway-list 172.16.0.190
dns-list 8.8.8.8
qu
ip pool v2
network 172.16.0.192 mask 26
gateway-list 172.16.0.254
dns-list 8.8.8.8
qu
int vlan 1
dhcp select global
int vlan 2
dhcp select global
SW2配置:
sys
sys SW2
vlan batch 2 100
int e0/0/1
eth-trunk 0
int e0/0/2
eth-trunk 0
port-group group-member Ethernet 0/0/3 Ethernet 0/0/4 Eth-Trunk 0
port link-type trunk
port trunk allow-pass vlan all
qu
stp mode mstp
stp enable
stp region-configuration
region-name a
instance 1 vlan 1
instance 2 vlan 2
active region-configuration
qu
stp instance 1 root secondary
stp instance 2 root primary
interface vlan 1 //配置svi时,顺便把虚拟IP地址配了,使客户端在更换网关设备后,不变更网关,以然可以上网
ip add 172.16.0.130 26
vrrp vrid 1 virtual-ip 172.16.0.190
interface vlan 2
ip add 172.16.0.194 26
vrrp vrid 1 virtual-ip 172.16.0.254
vrrp vrid 1 priority 120
vrrp vrid 1 track interface GigabitEthernet 0/0/1 reduced 30
qu
int vlan 100
ip address 172.16.0.6 255.255.255.252
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
qu
rip 1
version 2
network 172.16.0.0
qu
ip route-static 0.0.0.0 0 172.16.0.5
dhcp enable
ip pool v1
network 172.16.0.128 mask 26
gateway-list 172.16.0.190
dns-list 8.8.8.8
qu
ip pool v2
network 172.16.0.192 mask 26
gateway-list 172.16.0.254
dns-list 8.8.8.8
qu
int vlan 1
dhcp select global
int vlan 2
dhcp select global
SW3配置:
sys
sys SW3
vlan 2
qu
interface e0/0/2
port link-type access
port default vlan 2
port-group group-member Ethernet 0/0/3 Ethernet 0/0/4
port link-type trunk
port trunk allow-pass vlan all
qu
port-group group-member Ethernet 0/0/1 to Ethernet 0/0/2
stp edged-port enable
qu
SW4配置:
sys
sys SW4
vlan 2
qu
interface e0/0/2
port link-type access
port default vlan 2
port-group group-member Ethernet 0/0/3 Ethernet 0/0/4
port link-type trunk
port trunk allow-pass vlan all
qu
port-group group-member Ethernet 0/0/1 to Ethernet 0/0/2
stp edged-port enable
qu
五、测试
PC1pingISP的环回地址:
PC2pingISP的环回地址:
PC1pingPC4:
切换VLAN1的根网桥:
)
)
)
)
